A method and structure in a computer system, including a mechanism supporting a Secure Object that includes code and data that is cryptographically protected from other software on the computer system.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A processor in a computer system, said processor comprising a mechanism supporting a Secure Object that comprises information that is cryptographically protected so that other software on said computer system cannot access or undetectably tamper with said information, thereby protecting both a confidentiality and an integrity of the Secure Object information from other software while making an unencrypted form of the Secure Object information available to the Secure Object itself during execution of the Secure Object, wherein said mechanism comprises: a crypto engine that decrypts and integrity-checks Secure Object information as said Secure Object information moves into the processor from an external memory and encrypts and updates an integrity value for the Secure Object information as said Secure Object information moves out of the processor to the external memory; and a protected key storage area, that is not accessible by software, used to store keys used for decryption and integrity-checking of Secure Object information when this information is moved into said processor from said external memory and for encryption of Secure Object information and generation of an integrity value as said information is moved out of said processor back to said external memory; and a machine instruction included in said Secure Object that includes a handle that is not usable by other software, the machine instruction using said handle to load a crypto key into said key storage area used by said crypto engine for decrypting said Secure Object, wherein the processor generates a cryptographic integrity exception if said handle of said Secure Object is used by any other software.
2. The processor of claim 1 , wherein said information of said Secure Object comprises code and data, including private information that is accessible only during execution of said code of said secure object by said processor.
3. The processor of claim 1 , wherein said mechanism further comprises: a first machine instruction for loading key information into said crypto engine that provides access to data of the Secure Object while the code of the Secure Object is executing on said processor; and a second machine instruction for restoring said key information in the crypto engine to a prior state.
4. The processor of claim 3 that loads into the crypto engine said key information, as obtained by decrypting information derived from a field of said first machine instruction.
5. The processor of claim 3 , wherein the first machine instruction that loads said key information into the crypto engine uses an indirect reference to key information that is stored in said protected area that protects said key information from other software.
6. The processor of claim 5 that uses a cryptographic integrity check mechanism to prevent software other than the Secure Object software from using the indirect reference.
7. The processor of claim 3 , further comprising at least one of an interrupt handler and operating system code that saves an indirect reference to crypto key information that provides access to said Secure Object if said executing of said Secure Object is interrupted and then restores said indirect reference when said executing is resumed.
8. The processor of claim 1 , wherein said information of said Secure Object comprises code and data, and said data includes private data and said private data is unencrypted only when it is accessed from within the Secure Object's code and only when that private data is within the processor.
9. The processor of claim 1 , further comprising at least one CPU cache associated with said processor that is protected during said executing of said Secure Object by said processor.
10. The processor of claim 1 , said Secure Object storing and retrieving information into and from a file system, said information being cryptographically protected from said other software.
11. The processor of claim 1 , wherein said mechanism is added to an existing processor in a manner that is backwards compatible, so that a previously-written code for said existing processor can execute on said existing processor as augmented, without modification or performance penalty.
12. A method of protecting private information on a computer, said method comprising providing a mechanism supporting a Secure Object comprising information that is cryptographically protected so that other software on said computer system cannot access or undetectably tamper with said information, thereby protecting both a confidentiality and an integrity of the Secure Object information from other software while making an unencrypted form of the Secure Object information available to the Secure Object itself during execution of the Secure Object, wherein said mechanism, performs the steps of: decrypting and integrity-checking Secure Object information as said Secure Object information moves into the processor from an external memory and encrypting and updating an integrity value for the Secure Object information as said Secure Object information moves out of the processor to the external memory; executing a machine instruction that is used by the Secure Object that uses a handle that is not usable by other software to load key information into said crypto engine that provides access to data of the Secure Object while the Secure Object is executing on said processor; and generating a CPU cryptographic integrity exception if the handle of a Secure Object is used by any other software.
13. The method of claim 12 , wherein said data of said Secure Object comprises private information that is accessible only during execution of said code of said secure object.
14. The method of claim 12 , further comprising: generating a Secure Object for use in said mechanism, said Secure Object comprising private information accessible in decrypted format only by executing an instruction in said Secure Object that decrypts said private information during a processing within said Secure Object; and sending said generated Secure Object to a memory.
15. The method of claim 12 , wherein said instruction loading said key information comprises a first instruction, said mechanism further comprising a second instruction for restoring the key information in the crypto engine to a prior state.
16. The method of claim 12 , further comprising loading into the crypto engine key information that is obtained by decrypting information derived from a field of said instruction.
17. The method of claim 12 , further comprising at least one of: calling another object during said executing of said Secure Object; and sending a message to another object during said executing of said Secure Object.
18. The method of claim 17 , further comprising a cryptographic transformation of private information when said private information is passed from a first Secure Object to a second Secure Object.
19. The method of claim 12 , wherein said Secure Object comprises at least one public interface through which other software can access said Secure Object to call or send messages to said Secure Object.
20. The method of claim 12 , further comprising: when other software tampers with a private code or private data of said Secure Object, said mechanism generating a cryptographic integrity exception when said Secure Object next accesses said private code or data; and when said Secure Object updates private data of said Secure Object using a protected key of said Secure Object, said mechanism updating integrity values of said Secure Object so that no integrity exception will occur when said Secure Object next accesses said private data.
21. A non-transitory storage medium storing one or more instructions executable on a processor within a system to perform a method of protecting private information on a computer, said method comprising providing a mechanism supporting a Secure Object comprising information that is cryptographically protected so that other software on said computer system cannot access or undetectably tamper with said information, thereby protecting both a confidentiality and an integrity of the Secure Object information from other software while making an unencrypted form of the Secure Object information available to the Secure Object itself during execution of the Secure Object, wherein said mechanism, performs the steps of: decrypting and integrity-checking Secure Object information as said Secure Object information moves into the processor from an external memory and encrypting and updating an integrity value for the Secure Object information as said Secure Object information moves out of the processor to the external memory; executing a machine instruction that is used by the Secure Object that uses a handle that is not usable by other software to load key information into said crypto engine that provides access to data of the Secure Object while the Secure Object is executing on said processor; and generating a CPU cryptographic integrity exception if the handle of a Secure Object is used by any other software.
22. The storage medium of claim 21 , as comprising one of: a memory in a computer that stores said instructions as said processor is executing said mechanism; a memory in a computer that stores said instructions as selectively executable by said processor; and a standalone diskette storing said instructions.
23. A data structure tangibly embodied in a non-transitory machine-readable storage medium, said data structure comprising: a Secure Object comprising information that is cryptographically protected so that other software on said computer system cannot access or undetectably tamper with said information, thereby protecting both a confidentiality and an integrity of the Secure Object information from other software while making an unencrypted form of the Secure Object information available to the Secure Object itself during execution of the Secure Object, said Secure Object comprising: information for a machine instruction that loads key information into a crypto engine that provides access to the Secure Object information while the Secure Object is executing on a processor, such that the Secure Object information is decrypted and integrity-checked as said Secure Object information moves into the processor from an external memory and is encrypted and an integrity value for the Secure Object information is updated as said Secure Object information moves out of the processor to the external memory, a machine instruction included in said Secure Object that includes a handle that is not usable by other software, the machine instruction using said handle to load a crypto key into said crypto engine for decrypting said Secure Object information, wherein the processor generates a cryptographic integrity exception if said handle of said Secure Object is used by any other software.
24. A machine instruction implemented on a machine, said machine instruction comprising a mechanism supporting a Secure Object that comprises information that is cryptographically protected so that other software on said machine cannot access or undetectably tamper with said information, thereby protecting both a confidentiality and an integrity of the Secure Object information from other software while making an unencrypted form of the Secure Object information available to the Secure Object itself during execution of the Secure Object, said mechanism: decrypting and integrity-checking Secure Object information as said Secure Object information moves into the processor from an external memory; encrypting said Secure Object information and updating an integrity value for the Secure Object information as said Secure Object information moves out of the processor to the external memory; executing a machine instruction that is used by the Secure Object that uses a handle that is not usable by other software to load key information into said crypto engine that provides access to the Secure Object information while the Secure Object is executing on said processor; and generating a CPU cryptographic integrity exception if the handle of a Secure Object is used by any other software.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
June 26, 2009
August 26, 2014
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.